http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal "Question about persistant IP bans over restart"
I think you need to adapt the example to CentOS/RH
Yeah, I saw that one and implemented it. I think I have to rewrite the action scripts my jails use. The odd part is the initial parsing behavior on a real restart such as a reboot, it parses the logs and only catches some of the total potential hosts that can trigger the ban. Prolly just a bug...
Really, unless your ban time is shorter than your logrotate, or you configure it to read some of the rotated logs there is a problem with maintaining the banlist on restarts if you don't do as the orig script does and del the iptables rules when exiting. If the process sh!ts the bed you still have an issue which wouldn't get cleared up until the next restart, but with the parsing issue you're left with an incomplete ruleset:/
Anyone know of a more elaborate app that does what fail2ban does but maintains a better state inbetween restarts?
Thanks! jlc